-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Hack, So now the image is much clear. I would assume that the ssl DB is stored in the SSD and not on sniping disks. Since the issue is with SSL only the issue still should be tested with no disk cache at all. This is to test the SSL issue and minimize the relevant data. I do not know the exact reasons for all errors but couple pointers. * for squid ssl-bump you will need a rootCA certificate which cannot be bought by just anyone and there for the assumption to buy one is not an option. * All over the world many work places use a local rootCA for internal usage and ssl content inspection and it's not a new thing that you cannot buy a rootCA certificate(or in this case private key) and it will be published to just anyone. Specifically for the FD and\or ssl negotiation issue, it is possible that such an issue will arise since there are more then couple cases which sslctrd helper might was not immunized against. The source for the issue can be (from my eyes) in the network level or the disk level or others. In any case if the issue came up and exists and the reason for the issue is squid internals that causes crashes(can be seen in the cache.log) the approach will be one. While if the issue is not causing crashes and the service continues to work properly but slow you maybe need to go one step back into the load testing. It's not the only option so a bug is an option but from my eyes squid is just being honest with the admin about an issue. I have seen your squid.conf and it's far from defaults..... You can try to run "diff your_squid.conf default_squid.conf" and see what I am talking about. If you want to solve the issue I would recommend you like before to start from 0 squid.conf and adding only the basics so at-least my head can contain the picture about your server. All The Bests, Eliezer On 12/29/2014 08:39 PM, HackXBack wrote: > Dear Eliezer Croitoru, what you suggest for me already done , http > not slow and http work like a charm but the slow in https traffic > also there is drop on https packets also i mentioned the log when > the packet https roped : > > with 3.5.0.4 2014/12/23 19:33:10 kid1| Error negotiating SSL on FD > 317: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry > (1/-1/0) > > with 3.4.x Error negotiating SSL connection on FD 36: > error:00000000:lib(0):func(0):reason(0) > > now i will downgrade for 3.4.10 and i will see a lot of logs while > browsing https Error negotiating SSL connection on FD 36: > error:00000000:lib(0):func(0):reason(0) > > > Another helpful question , i want to buy trusted certificate to use > it with squid , the question is which type of certificate i need , > i bought one from X and its type for apache , but when i used it > with squid , https error in browser says that invalid type, so what > type of certificate i need for that ? > > Thanks Very Much Best Regards. > > > > -- View this message in context: > http://squid-web-proxy-cache.1019090.n4.nabble.com/https-bug-slow-browsing-tp4668830p4668859.html > > Sent from the Squid - Users mailing list archive at Nabble.com. > _______________________________________________ squid-users mailing > list squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUoazdAAoJENxnfXtQ8ZQUv0IH/RUpy8hbyTy09ZJBv7UeLtn+ BwaDM6z2pKrTesW7ooxYfys3vfR11Fw1BZSzCLa0pzkHs8TUT3bNQYrh7RiXJbiy KfNVGu22XUmlmo1+uVIc1FfJgu1j71wzxsY/rz6gD9Lgi2yOkdDZBr6A/qrW1ZTo I0E8UaKAGLgiijHTCu91VY0g19ydP9yzs3e1MG10e0IQ4dwi/RuT86pI9mbVYfW4 rGaLakytyuoJ2Isq2naR5YkPjFG9prgDedO62gxE1UGftOJQ8Axotbglb+HJAcUO 0wCdapvRU86n+Uihqg8XVM7rZ8G7oM49D3o+Zefteu10n8jerJrXzAB3249VhKM= =2x8x -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users